Password-Based Simsec Protocol
Total Page:16
File Type:pdf, Size:1020Kb
DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Research Article Password-Based SIMSec Protocol 1,* 2 Sedat AKLEYLEK , Engin KARACAN 1 Ondokuz Mayıs University, Department of Computer Engineering Engineering, Engineering Faculty, Samsun, Turkey [email protected] https://orcid.org/0000-0002-2306-6008 2 Ondokuz Mayıs University, Computational Sciences Program, Graduate School of Sciences, Samsun, Turkey [email protected] https://orcid.org/0000-0002-2306-6008 ARTICLE INFO ABSTRACT Article history: Received 17 June 2020 The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between the Received in revised form 25 August 2020 SIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during production Accepted 30 August 2020 and the service provider. This infrastructure has a form based on agreements among the mobile network Available online 30 September 2020 manufacturer, the user, the service provider and the card manufacturer. In order to secure transactions, authentication methods are used based on the fact that both parties can verify that they are the parties Keywords : they claim to be. In this study, the key exchange and authentication models in the literature have been surveyed and the password-based authentication model is chosen. For the SIMSec protocol, the Authentication, Key, Exchange, password-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposed SIMSec new structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchange protocol is proposed for SIM cards. Doi: 10.24012/dumf.753942 * Corresponding author Sedat, Akleylek [email protected] Please cite this article in press as S. Akleylek, E. Karacan, “Password-Based SIMSec Protocol”, DUJE, vol. 11, no.3, pp. 1021-1030, September 2020. 1 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Introduction been produced and the secret key has not been When the development process of loaded. communication technology is examined, it is Various different models have been investigated seen that mobile phones cover a great place. It to provide for secure communication of SIM has been observed that mobile phone usage areas technology. In some of these models, secret keys have increased in proportion to time so far. At were assigned during production process [3-8]. the beginning mobile phones were served to However in [3], while secret keys weren’t users for voice calls and short message services. assigned during production process, it was With the advances in communication proposed that keys that they developed assign technology, it has helped secure transactions exchange protocol stack to SIM technology for such as mobile banking, mobile signature and providing secure communication. mobile payment through the developing system. This study will be categorized into four sections. Thanks to these developments, cash out In the first section, the literature review and the transactions, online shopping, credit card usage, content of the study are described. Section 2 online payments, e-commerce and the like can based on the latest years usage of smartphones be secured safely via SIM on today's devices and smart devices that work with SIM, the [1,2,3]. The secure provision of these services infrastructures and the mathematical structures depends on the security of communications of the key exchange and authentication models between the service providers and the SIM. SIM in the literature are examined for the security of technology has been developing every year. SIM SIM technology. It is mentioned the differences memory sizes update itself with advancing between analyzed models. In Section 3 to ensure technology. These SIMs are installed by card SIM security password-based SIMSEC protocol manufacturers with ephemeral key protocols to is proposed and the infrastructure of the method ensure secured access between service providers is shown mathematically. In the last section, the and the SIM. In this study, transaction and results obtained in the study and the studies that memory costs are taken into consideration with a are aimed to be done in the future are given and similar mentality in SIMSec protocol. a hybrid model is presented using the password- Key exchange can be defined as a protocol for based key exchange model and SIMSec protocol two mutual parties to negotiate a secret key. The together. It is stated that reliable models will be authentication method can be defined again as a studied on providing the infrastructure enabling protocol that are established by verifying that the secured access between SIM cards that are not two parties are the parties they are claiming loaded with an ephemeral key during the each other to be. Key exchange and production and service provider. authentication methods for the secured access of Key Exchange and Authentication Models the parties take an important place in the literature. This section summarizes the working principles and mathematical backgrounds of password- Related Works: based password-protected models from key Today, SIM Cards (64kb 128kb 356kb 512kb) exchange and authentication models in a study with different capacities are produced by card [9,10]. The notations and parameters used in all manufacturers. Secret keys are loaded on these models discussed throughout the study are given cards during production in order to provide end- in Table 1. to-end secure communication over the produced cards. With the developing technology, communication security can be attacked. The attacker can cause problems by attacking this communication channel, such as changing data, listening and breaking data [1,2]. End-to-end communication has been made safer with the suggestion presented in this paper. A new key exchange protocol is proposed to the SIM cards with the presented method, where the card has 1022 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Table 1. Notations Password–based protocol (PAK) Parameters Definitions The biggest problem in the password-based π Password of client protocol (PAK) model is to estimate the π value of the client [12,13]. If the attacker knows the p Large prime number of at least 1024 bits value π and has an idea of how the algorithm q g / p-1 prime number will work, the attacker can find all tA, tB values. G Zp subgroup An attacker could damage the communication g Generator of group G information between the parties. Therefore, rA, rB Figures randomly selected in the session Bellare has customized the key generation Zp Set of integers with elements 0 to p-1 function to make it difficult to find the session rA rB tA, tB tA= g tB= g key. However, the symmetric encryption xA, xB Client and server’s private long passwords algorithm used in the protocol must provide ZAB Shared information (secret) randomness characteristics. Boyko obtained the KAB Derived session key “P” value by using relatively prime values [14] Hİ (.) Unicast sum functions. H1 H2 H3… between r and q in the protocol set called PAK. With the help of these values, the switch in Diffie-Hellman encrypted key exchange group G was produced. The proposed key (EKE) exchange protocol is given in Figure 2 [15]. Encrypted key exchange In the Diffie-Hellman- Since the PAK protocol uses the summary EKE model is that a shared key is encrypted function and the “r” value in calculating P, the with a public key by using the password and is cost is higher than Diffie-Hellman. Another sent from client to server so that the client and difference between the two protocols is the server can communicate securely [11]. Only the customization of the key generation function. party who knows the password can complete the So, the authentication mechanism was added. protocol. The flow of this protocol is given in Figure 1 [11,12]. rA rB ZAB= (g ) rB rA ZAB= (g ) rB rA rA rB ZAB= (g ) ZAB= (g ) Fig. 1. Diffie-Hellman-EKE This protocol was developed against “partition” attacks. According to this idea, the attacker who guesses the password can check whether the values tA and tB are valid. This set of protocols is based on the difficulty of finding the parameters selected by the attacker [12]. Fig. 2. Password–based Protocol (PAK) 1023 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Password protected key exchange (PPK) r.r-1 ≡ 1 mod q P P 푚 푚 1 푚 푚 푡 = = = ℎ−q ሺ푚표푑 푞ሻ = 퐴 ℎq . 푃 푃 ℎq 푃 푃 rB rA rA rB rB rA rA rB ZAB= (g ) ZAB= (g ) ZAB= (g ) ZAB= (g ) Fig. 3. Password protected key exchange protocol (PPK) Fig. 4. Password–based protocol-R protocol (PAK-R) In the password protected key exchange (PPK) model, it is harder for an attacker to obtain the Password–based protocol-Y (PAK-Y) “π” value. The client calculates P1 and P2 using The PAK-Y model, called the Y-password-based the values “π” and “r”[14]. This brings an extra key exchange protocol, refers to the PAK model calculation cost for the client. The PPK model is as the PAK-R model [18]. The problem in this shown in Figure 3 [14, 16]. model as well is that the attacker finds the π Password–based protocol-R (PAK-R) value that the client has. As with the PAK model, an attacker can find all tA, tB values if he The R-password-based protocol (PAK-R) refers has any idea about the π parameter and the to the PAK model [16,17]. The main difference algorithm. In order to avoid this situation, it is with PAK is that the calculation costs of the made difficult to find π value in PAK-Y model.